Backport #18414 The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
df57524c49
commit
9d9ad1b59f
3 changed files with 15 additions and 34 deletions
|
@ -127,22 +127,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error)
|
||||||
return &mile, nil
|
return &mile, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetMilestoneByID returns the milestone via id .
|
|
||||||
func GetMilestoneByID(id int64) (*Milestone, error) {
|
|
||||||
return getMilestoneByID(x, id)
|
|
||||||
}
|
|
||||||
|
|
||||||
func getMilestoneByID(e Engine, id int64) (*Milestone, error) {
|
|
||||||
var m Milestone
|
|
||||||
has, err := e.ID(id).Get(&m)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
} else if !has {
|
|
||||||
return nil, ErrMilestoneNotExist{ID: id, RepoID: 0}
|
|
||||||
}
|
|
||||||
return &m, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateMilestone updates information of given milestone.
|
// UpdateMilestone updates information of given milestone.
|
||||||
func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
|
func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
|
||||||
sess := x.NewSession()
|
sess := x.NewSession()
|
||||||
|
|
|
@ -51,9 +51,8 @@ const (
|
||||||
issueTemplateTitleKey = "IssueTemplateTitle"
|
issueTemplateTitleKey = "IssueTemplateTitle"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
|
||||||
// IssueTemplateCandidates issue templates
|
// IssueTemplateCandidates issue templates
|
||||||
IssueTemplateCandidates = []string{
|
var IssueTemplateCandidates = []string{
|
||||||
"ISSUE_TEMPLATE.md",
|
"ISSUE_TEMPLATE.md",
|
||||||
"issue_template.md",
|
"issue_template.md",
|
||||||
".gitea/ISSUE_TEMPLATE.md",
|
".gitea/ISSUE_TEMPLATE.md",
|
||||||
|
@ -61,7 +60,6 @@ var (
|
||||||
".github/ISSUE_TEMPLATE.md",
|
".github/ISSUE_TEMPLATE.md",
|
||||||
".github/issue_template.md",
|
".github/issue_template.md",
|
||||||
}
|
}
|
||||||
)
|
|
||||||
|
|
||||||
// MustAllowUserComment checks to make sure if an issue is locked.
|
// MustAllowUserComment checks to make sure if an issue is locked.
|
||||||
// If locked and user has permissions to write to the repository,
|
// If locked and user has permissions to write to the repository,
|
||||||
|
@ -239,7 +237,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var issueList = models.IssueList(issues)
|
issueList := models.IssueList(issues)
|
||||||
approvalCounts, err := issueList.GetApprovalCounts()
|
approvalCounts, err := issueList.GetApprovalCounts()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.ServerError("ApprovalCounts", err)
|
ctx.ServerError("ApprovalCounts", err)
|
||||||
|
@ -422,7 +420,6 @@ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *models.Repos
|
||||||
}
|
}
|
||||||
|
|
||||||
func retrieveProjects(ctx *context.Context, repo *models.Repository) {
|
func retrieveProjects(ctx *context.Context, repo *models.Repository) {
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
ctx.Data["OpenProjects"], _, err = models.GetProjects(models.ProjectSearchOptions{
|
ctx.Data["OpenProjects"], _, err = models.GetProjects(models.ProjectSearchOptions{
|
||||||
|
@ -781,7 +778,7 @@ func NewIssue(ctx *context.Context) {
|
||||||
|
|
||||||
milestoneID := ctx.QueryInt64("milestone")
|
milestoneID := ctx.QueryInt64("milestone")
|
||||||
if milestoneID > 0 {
|
if milestoneID > 0 {
|
||||||
milestone, err := models.GetMilestoneByID(milestoneID)
|
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
|
log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
|
||||||
} else {
|
} else {
|
||||||
|
@ -865,7 +862,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull
|
||||||
// Check milestone.
|
// Check milestone.
|
||||||
milestoneID := form.MilestoneID
|
milestoneID := form.MilestoneID
|
||||||
if milestoneID > 0 {
|
if milestoneID > 0 {
|
||||||
ctx.Data["Milestone"], err = repo.GetMilestoneByID(milestoneID)
|
ctx.Data["Milestone"], err = models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.ServerError("GetMilestoneByID", err)
|
ctx.ServerError("GetMilestoneByID", err)
|
||||||
return nil, nil, 0, 0
|
return nil, nil, 0, 0
|
||||||
|
@ -2446,7 +2443,7 @@ func filterXRefComments(ctx *context.Context, issue *models.Issue) error {
|
||||||
// GetIssueAttachments returns attachments for the issue
|
// GetIssueAttachments returns attachments for the issue
|
||||||
func GetIssueAttachments(ctx *context.Context) {
|
func GetIssueAttachments(ctx *context.Context) {
|
||||||
issue := GetActionIssue(ctx)
|
issue := GetActionIssue(ctx)
|
||||||
var attachments = make([]*api.Attachment, len(issue.Attachments))
|
attachments := make([]*api.Attachment, len(issue.Attachments))
|
||||||
for i := 0; i < len(issue.Attachments); i++ {
|
for i := 0; i < len(issue.Attachments); i++ {
|
||||||
attachments[i] = convert.ToReleaseAttachment(issue.Attachments[i])
|
attachments[i] = convert.ToReleaseAttachment(issue.Attachments[i])
|
||||||
}
|
}
|
||||||
|
@ -2460,7 +2457,7 @@ func GetCommentAttachments(ctx *context.Context) {
|
||||||
ctx.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
|
ctx.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var attachments = make([]*api.Attachment, 0)
|
attachments := make([]*api.Attachment, 0)
|
||||||
if comment.Type == models.CommentTypeComment {
|
if comment.Type == models.CommentTypeComment {
|
||||||
if err := comment.LoadAttachments(); err != nil {
|
if err := comment.LoadAttachments(); err != nil {
|
||||||
ctx.ServerError("LoadAttachments", err)
|
ctx.ServerError("LoadAttachments", err)
|
||||||
|
|
|
@ -268,7 +268,7 @@ func DeleteMilestone(ctx *context.Context) {
|
||||||
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
|
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
|
||||||
func MilestoneIssuesAndPulls(ctx *context.Context) {
|
func MilestoneIssuesAndPulls(ctx *context.Context) {
|
||||||
milestoneID := ctx.ParamsInt64(":id")
|
milestoneID := ctx.ParamsInt64(":id")
|
||||||
milestone, err := models.GetMilestoneByID(milestoneID)
|
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if models.IsErrMilestoneNotExist(err) {
|
if models.IsErrMilestoneNotExist(err) {
|
||||||
ctx.NotFound("GetMilestoneByID", err)
|
ctx.NotFound("GetMilestoneByID", err)
|
||||||
|
|
Reference in a new issue